
Azure MFA service integration with APM

Oreoluwa
Altocumulus

Hi,

Do I need to have an Azure MFA RADIUS server on-prem to implement MFA with my APM? Can't I use the default Azure MFA service that comes with my Azure AD? On Azure AD, I could just tick boxes to choose which users should use MFA and for which applications. Can I do this for F5 too?

7 REPLIES

Pistle
Nimbostratus

RADIUS is a standard protocol to accept authentication requests and to process those requests. The Azure Multi-Factor Authentication Server can act as a RADIUS server. Insert it between your RADIUS client (VPN appliance) and your authentication target to add two-step verification. Your authentication target could be Active Directory, an LDAP directory, or another RADIUS server. For Azure Multi-Factor Authentication (MFA) to function, you must configure the Azure MFA Server so that it can communicate with both the client servers and the authentication target. The Azure MFA Server accepts requests from a RADIUS client, validates credentials against the authentication target, adds Azure Multi-Factor Authentication, and sends a response back to the RADIUS client. The authentication request only succeeds if both the primary authentication and the Azure Multi-Factor Authentication succeed. I would recommend referring to Managed Azure Services to get more details about the Azure services.

Best regards

Thank you Pistle

boneyard
MVP

While RADIUS is an option, it is also possible to do this more natively:

https://devcentral.f5.com/s/articles/Azure-Active-Directory-and-BIG-IP-APM-Integration

The world is moving more and more to SAML for authentication. It sure is possible to set up a RADIUS server in Azure, but why not give the native authentication method a try?

Hi Boneyard, I eventually used SAML and it worked for the authentication. However, there was a new hurdle: portal access for Azure user groups using SAML attributes. I am not sure how to go about this. Could you help please?

It has been a while, but I got this worked out some time ago.

Within the Azure Enterprise Application you have the option to return SAML attributes. Azure calls them claims. There you can return, for example, groups, which you can filter on at the APM level as with AD group attributes.

I am facing the same issue. How did you manage to solve this?

Like I wrote before:

Within the Azure Enterprise Application you have the option to return SAML attributes. Azure calls them claims. There you can return, for example, groups, which you can filter on at the APM level as with AD group attributes.